Mattermost Platform

Mattermost joins Red Hat, GitHub and Google in the CVE Program to maintain an international, open data registry of security vulnerabilities

Mattermost is joining Red Hat, Google, and GitHub and over 130 other leading technology organizations authorized to be a Common Vulnerabilities and Exposures (CVE) Numbering Authority (CNA) by the CVE Program

The world’s most privacy-conscious enterprises and governments rely on Mattermost’s self-hosted, open source collaboration platform to keep their most vital communications safe and sovereign. 

In an environment where SaaS-based remote communications are potentially subject to opacity and surveillance at every layer in their technology stacks, Mattermost is unique in empowering organizations to install and operate their messaging platform free of outside monitoring, providing full transparency into the system's source code, and enabling high-trust collaboration.

Building on the foundations of our security policy

Safety and data security have always been of the utmost priority for Mattermost. As an open source project, development at Mattermost is aided by over 1,000 open source contributors with full access to the source code, who have a vested interest in keeping software secure and vetted. Our responsible disclosure policy is in place so the community can confidentially report security issues, which Mattermost then addresses in collaboration with the reporter before security updates are released and documented publicly.

As we grow, we’re continually looking for ways to better communicate security concerns and vulnerabilities to our community, ensuring that Mattermost contributors and users have access to the information they need to make informed security decisions. 

Partnering with a global network to uplevel our vulnerability management program 

Common Vulnerabilities and Exposures (CVE®) is an international, community-based effort that maintains a community-driven, open data registry of vulnerabilities. Because CVE IDs create a standardized identifier for known vulnerabilities, they provide an important baseline for sharing security knowledge between organizations. 

“Our mission at Mattermost is to make the world safer and more productive through open source software,” says Corey Hulen, co-founder and CTO of Mattermost. “We believe that openness and transparency are the foundation of that vision and we’re delighted to join security-minded organizations like Red Hat, GitHub, and Google in a joint commitment to support the global security community through the CVE Program.” 

By engaging in the CVE Program, Mattermost joins some of the most impactful technology organizations in the world to build a more comprehensive resource for evaluating the coverage of their tools and understanding security risks. As a CNA, we can take our vulnerability management program to the next level by ensuring that our customers receive security information in a standardized fashion and format, using the tools they utilize in their day-to-day operations for vulnerability management.

What’s next for security at Mattermost

As our organization, code base, and community grow, we’re committed to extending our security initiatives to better serve our users and the security community. In the next few months, we plan to open our security bug bounty program to the public, with the goal of providing an enhanced reporter experience and promoting our responsible disclosure program to a bigger audience.

To stay up to date with security policies and initiatives at Mattermost, subscribe for updates and follow us on Twitter.


Ashley Dotterweich is the Head of Content at Mattermost. Previously, she ran content marketing for Heavybit Industries and Rainforest QA.